Fix outgoing vpn firewall rule for abuse. (!88) · Merge requests · leap / Container Platform / lilypad

micah requested to merge micah/lilypad:fix_abuse_fw into main Jul 17, 2024

The firewall rule that was put in place to stop vpn users from doing bad things was not working. If you were to connect to the vpn, and then attempt to connect to a server over port 25, you would connect. That isn't supposed to happen, as it allows the VPN to be used as a mail abuse vector.

The problem was three-fold:

the rules should be input rules, not output, because of the way containers work with the host
the chain should be the FORWARD chain, not the OUTPUT chain
the rules needed to be before we allow all traffic

This fix has been tested in production.

Fix outgoing vpn firewall rule for abuse.

Merge request reports